Your HR and Payroll compliance and policy solution! Comply with federal, state, and international laws, find answers to your most challenging questions, get timely updates with email alerts, and more with our suite of products.

March 13 — As Australia marks the first anniversary of major changes to the country's privacy law, a lawyer March 13 said that the nation's privacy commissioner will focus in the coming year much more heavily on compliance.

The government is attempting to steer through Parliament a bill requiring Internet service providers to store metadata for two years, he said.

Mandatory data breach notification is “certainly something they are talking about to sweeten the metadata bill,” by demonstrating there will be suitable safeguards, Christie said.

104 Voluntary Breach Notifications

March 12 marked the first anniversary of the effective date of changes to the federal Privacy Act 1988, which included a new set of privacy principles and expanded powers for Privacy Commissioner Timothy Pilgrim.

The amendments, however, didn't include mandatory data breach notification as recommended by the Australian Law Reform Commission in its 2008 review of the nation's privacy law. The government said at the time that mandatory data breach notification would be dealt with in subsequent legislation.

In August 2014, the Office of the Australian Information Commissioner revised its guidance on data breach notification to account for amendments to the framework privacy law. The guide strongly recommended breach notification but didn't require it.

In the year since the changes to the law took effect, the commissioner's office received 104 voluntary data breach notifications and recorded a 43 percent increase in privacy complaints, according to a March 12 statement by the office.

“Over the last year we have focused on working with business, government agencies and the wider community to ensure that everyone has the tools and information they need to understand and implement the changes,” Pilgrim said in the statement.

Enforcement on the Horizon

Christie said the commissioner had worked hard to promote the overhauled Privacy Act over the past year.

“I think there is certainly more awareness and appreciation of privacy obligations at the big end of town and among those people who deal with information as their core business,” he said.

But in other parts of business, there is still a widespread misconception that privacy isn't important or that companies can't be fined for privacy breaches, he said.

Those businesses could be in for a rude shock, according to Christie.

“I see this year that has just gone, with a couple of exceptions, as the privacy commissioner pushing the education barrow,” he said.

“I see the next 12 months as the—for want of a better word—the ‘punishment 12 months,’ ” Christie said. The commissioner “is now going to punish people that haven't learnt the lesson.”

Random Audits

Christie said that the privacy commissioner in February told a conference that he would be conducting random audits of 21 organizations to check whether their online privacy policies comply with the overarching Australian Privacy Principle 1, which requires the open and transparent management of personal information.

Although the organizations to be audited are yet to be named, they are bound to include some major companies, Christie said.

He added that the privacy commissioner had already shown a willingness to exercise his new powers to conduct own-motion investigations and said the commissioner's reports of these investigations had already evolved to provide much more direct appraisals of what mistakes had been made.

Christie said that the introduction of mandatory breach notification, if it occurs, would inevitably result in many more breaches being reported and becoming public.

Many organizations still take advantage of their right not to report data breaches, while some companies that do report breaches to the commissioner have still been able to keep them out of the public eye, Christie said.

Once there is mandatory notification, “it is all going to be public,” he said.

All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to books@bna.com.

Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)

Notify me when updates are available (No standing order will be created).

This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to research@bna.com.

Put me on standing order

Notify me when new releases are available (no standing order will be created)